SSH gateway server

6

1

Is there any way to set up an SSH gateway server? What I am trying to set up is a way to connect to a specific Linux shell on a LAN remotely from the internet without using port numbers. So, for example, logging in would look like this:

ssh server1.domain.com 

or

ssh server2.domain.com 

instead of ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the server's private IP address.

Each server would have a private IP address and share the public IP.

Thank You

Lightning77

Posted 2016-03-13T21:07:32.753

Reputation: 403

Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)

– Jarmund – 2016-03-13T21:49:55.943

@Lightning77 It can be achieved by an open-source tool called Ezeelogin - https://www.ezeelogin.com

– Harikrishnan – 2017-03-05T13:54:56.667

In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: https://unix.stackexchange.com/questions/190490/how-to-use-ssh-over-http-or-https

– michael – 2018-11-30T03:55:17.197

Answers

5

This is not possible in the way you describe, because ssh does not use any concept of domains and sub-domains (the hostname is not part of the protocol, as it is for HTTP). It uses hostnames only to get the IP address, and that is what is used (and the port, of course). Your concept would only work if you had a list of public IP addresses, which you probably don't have when you ask this question.

This case is commonly solved using a jumpbox server, where you connect using the public IP and from there you see the local network (possibly with local DNS names). This requires using, for example:

ssh -t jumpbox ssh anotherhost.localdomain

but it can be simplified using ProxyCommand in client configuration:

Host *.localdomain
  ProxyCommand ssh -W %h:%p jumpbox

And then the connection to the distant node is transparent. When you type

ssh anotherhost.localdomain

it will bring you to the target host over the jumpbox.

Jakuje

Posted 2016-03-13T21:07:32.753

Reputation: 7 981

The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would). – user1686 – 2016-03-13T22:04:16.290

@grawity Thanks. That is a good point. But the middle way is easier to understand for users. – Jakuje – 2016-03-13T22:20:24.207
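
The ProxyCommand setup from the answer above, written out as a fuller client configuration. This is an added example, not part of the original answer or its comments; gateway.example.com, the user names, the key path and the server1/server2 internal names are assumptions.

```sshconfig
# Constructed example for ~/.ssh/config on the client machine.
# "jumpbox" and "*.localdomain" come from the answer; every other name
# (gateway.example.com, jumpuser, admin, the key path, server1/server2)
# is an assumption made for illustration.

# The only host reachable from the internet: the shared public IP, port 22.
Host jumpbox
    HostName gateway.example.com
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # The jumpbox only relays a TCP stream, so it never needs the agent.
    ForwardAgent no

# Internal hosts by their LAN DNS names. With -W the name is resolved by
# the jumpbox, so names that exist only in the local DNS work here.
Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox
    # On OpenSSH 7.3 or later the line above can be replaced by:
    # ProxyJump jumpbox
    User admin
    ForwardAgent no
    # The inner SSH session is end-to-end between client and target. The
    # client checks the target's host key itself, so a tampered jumpbox
    # shows up as a host key mismatch. "yes" requires the target's key to
    # be in known_hosts before the first connection.
    StrictHostKeyChecking yes

# Short names in the spirit of the question: "ssh server1" / "ssh server2".
# Host patterns are matched against the name typed on the command line,
# so this block repeats the proxy line instead of relying on the block above.
Host server1 server2
    HostName %h.localdomain
    ProxyCommand ssh -W %h:%p jumpbox
    User admin
    ForwardAgent no
    StrictHostKeyChecking yes
```

Running `ssh -G server1` prints the options ssh would apply to that name without connecting, which confirms that the proxy line is picked up.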

1

Below is the command to set up an SSH gateway server:

$ ssh -L 2222:secureserver:22 user@gateway cat -

Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.

$ ssh -p 2222 user2@localhost

That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.

Elizabeth Anderson

Posted 2016-03-13T21:07:32.753

Reputation: 101